CloudFormation template with VPC, public and private subnets, prepared for deployment of a database and an API. Article with explanation available here: http://rozchmurzeni.pl/vpc---prywatne-podsieci
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: >- | |
| VPC with private subnet prepared for deployment of DB and API. | |
| Full article with explanation available here: http://rozchmurzeni.pl/vpc---prywatne-podsieci | |
| Resources: | |
| Vpc: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: 10.0.0.0/16 | |
| EnableDnsHostnames: true | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| InternetGatewayAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref Vpc | |
| # Publiczny subnet | |
| PublicRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref Vpc | |
| InternetRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| RouteTableId: !Ref PublicRouteTable | |
| GatewayId: !Ref InternetGateway | |
| PublicSubnet: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: eu-west-1a | |
| CidrBlock: 10.0.1.0/24 | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref Vpc | |
| PublicSubnetTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnet | |
| # Prywatny subnet | |
| PrivateRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref Vpc | |
| PrivateSubnet: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: eu-west-1c | |
| CidrBlock: 10.0.3.0/24 | |
| VpcId: !Ref Vpc | |
| PrivateSubnetTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable | |
| SubnetId: !Ref PrivateSubnet | |
| # Security grupy | |
| ApiSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Api security group | |
| GroupName: api-security-group | |
| SecurityGroupIngress: | |
| - Description: Open https traffic | |
| CidrIp: 0.0.0.0/0 | |
| IpProtocol: TCP | |
| FromPort: 443 | |
| ToPort: 443 | |
| VpcId: !Ref Vpc | |
| DatabaseSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Database secruity group | |
| GroupName: db-security-group | |
| SecurityGroupIngress: | |
| - Description: Allow traffic from api | |
| IpProtocol: TCP | |
| FromPort: 3306 | |
| ToPort: 3306 | |
| SourceSecurityGroupId: !Ref ApiSecurityGroup | |
| VpcId: !Ref Vpc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment